Friday, January 26, 2024

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related posts

  1. Hacker Tools For Ios
  2. Pentest Tools Find Subdomains
  3. Pentest Tools Free
  4. Hacking Tools Software
  5. Pentest Tools Apk
  6. Hacker Tools Apk
  7. Pentest Tools Website
  8. Pentest Tools Kali Linux
  9. Game Hacking
  10. Hacking Tools 2020
  11. Hacking Tools 2020
  12. Best Pentesting Tools 2018
  13. Hacker Tools
  14. Pentest Tools Kali Linux
  15. New Hacker Tools
  16. Hack Tools
  17. Hacker Techniques Tools And Incident Handling
  18. Hack Tools
  19. Pentest Tools For Windows
  20. Pentest Tools Review
  21. Android Hack Tools Github
  22. Github Hacking Tools
  23. Pentest Tools Alternative
  24. Blackhat Hacker Tools
  25. Hacks And Tools
  26. Hacking Tools Kit
  27. Pentest Tools Url Fuzzer
  28. Nsa Hack Tools
  29. Hacking Tools Hardware
  30. Install Pentest Tools Ubuntu
  31. Pentest Tools Url Fuzzer
  32. Hacking Tools For Beginners
  33. Pentest Tools Linux
  34. Pentest Tools Free
  35. Pentest Automation Tools
  36. Hack Tools For Ubuntu
  37. Hack Tools For Mac
  38. Pentest Tools For Android
  39. Hacker Tools Windows
  40. Hacking Tools For Mac
  41. Pentest Tools Apk
  42. Hack Tools Download
  43. Best Pentesting Tools 2018
  44. Pentest Tools Subdomain
  45. Hacking Tools Github
  46. How To Install Pentest Tools In Ubuntu
  47. Nsa Hacker Tools
  48. Hacking Tools For Windows Free Download
  49. Hacking Tools Software
  50. Hacking Tools For Windows 7
  51. Hacking Tools For Kali Linux
  52. Android Hack Tools Github
  53. Hacker Tools Free Download
  54. Hacking Tools Free Download
  55. Best Hacking Tools 2019
  56. Tools For Hacker
  57. Hack Apps
  58. Ethical Hacker Tools
  59. Hack Apps
  60. Pentest Recon Tools
  61. Pentest Tools For Mac
  62. Hacking App
  63. Pentest Automation Tools
  64. Hack Tools For Ubuntu
  65. Install Pentest Tools Ubuntu
  66. Hacking Tools For Games
  67. Hacker Search Tools
  68. Termux Hacking Tools 2019
  69. Hacker Tools Apk
  70. Nsa Hacker Tools
  71. What Is Hacking Tools
  72. Pentest Tools List
  73. Hacking Tools For Beginners
  74. What Are Hacking Tools
  75. Install Pentest Tools Ubuntu
  76. New Hacker Tools
  77. Pentest Tools For Mac
  78. Pentest Recon Tools
  79. How To Hack
  80. Pentest Tools Url Fuzzer
  81. Black Hat Hacker Tools
  82. Physical Pentest Tools
  83. Hacker Tools Github
  84. Tools Used For Hacking
  85. Hacker Tools For Windows
  86. Hak5 Tools
  87. Hack Rom Tools
  88. Hacking Tools Github
  89. Hacker Tools Apk Download
  90. Hacker Tools
  91. Hacker Tools Hardware
  92. Hack Tool Apk
  93. Hacking Tools 2020
  94. Pentest Box Tools Download
  95. Pentest Tools Url Fuzzer
  96. Hack Tools Mac
  97. Hacker Tools Free
  98. Hacking Tools Mac
  99. Hacking Tools For Mac
  100. Hacker Tools Windows
  101. Hacking Apps
  102. Pentest Tools Tcp Port Scanner
  103. Pentest Reporting Tools
  104. Pentest Tools Kali Linux
  105. Hack Tool Apk No Root
  106. Usb Pentest Tools
  107. Pentest Tools Port Scanner
  108. Computer Hacker
  109. Hacking Tools For Pc
  110. Hacking Tools For Kali Linux
  111. How To Hack
  112. Pentest Tools Tcp Port Scanner
  113. Hacking Tools For Kali Linux
  114. Pentest Tools Website Vulnerability
  115. Pentest Tools Port Scanner
  116. Pentest Reporting Tools
  117. Pentest Tools Open Source
  118. Hacking Tools For Windows 7
  119. Hack Tool Apk
  120. How To Hack
  121. Hack Tools For Mac
  122. Hak5 Tools
  123. What Are Hacking Tools
  124. Hack Tools Pc
  125. Hacking Tools For Beginners
  126. New Hacker Tools
  127. Hacking Tools For Games
  128. How To Make Hacking Tools
  129. Hacker Tools Github
  130. Game Hacking
  131. Pentest Tools Find Subdomains
  132. Pentest Tools Apk
  133. Hack Tools For Ubuntu
  134. Free Pentest Tools For Windows
  135. Pentest Tools Online
  136. Hacking Tools Usb
  137. Tools 4 Hack
  138. Hacking Tools For Windows 7
  139. Hacking Tools Github
  140. Hacking Tools Kit
  141. Tools Used For Hacking
  142. Kik Hack Tools
  143. Github Hacking Tools
  144. How To Hack
  145. Pentest Tools Tcp Port Scanner
  146. Hacks And Tools
  147. Hacking Tools For Windows 7
  148. Blackhat Hacker Tools
  149. Github Hacking Tools
  150. Hacker Tools Github
  151. Pentest Tools List
  152. Hacking Tools Github
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)